@blamejs/core 0.16.0 → 0.16.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (560) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/bin/blamejs.js +2 -0
  3. package/index.js +2 -0
  4. package/lib/_test/crypto-fixtures.js +2 -0
  5. package/lib/a2a-tasks.js +2 -0
  6. package/lib/a2a.js +2 -0
  7. package/lib/acme.js +7 -1
  8. package/lib/agent-audit.js +2 -0
  9. package/lib/agent-envelope-mac.js +2 -0
  10. package/lib/agent-event-bus.js +2 -0
  11. package/lib/agent-idempotency.js +2 -0
  12. package/lib/agent-orchestrator.js +2 -0
  13. package/lib/agent-posture-chain.js +2 -0
  14. package/lib/agent-saga.js +2 -0
  15. package/lib/agent-snapshot.js +2 -0
  16. package/lib/agent-stream.js +2 -0
  17. package/lib/agent-tenant.js +2 -0
  18. package/lib/agent-trace.js +2 -0
  19. package/lib/ai-adverse-decision.js +2 -0
  20. package/lib/ai-aedt-bias-audit.js +2 -0
  21. package/lib/ai-capability.js +2 -0
  22. package/lib/ai-content-detect.js +2 -0
  23. package/lib/ai-disclosure.js +2 -0
  24. package/lib/ai-dp.js +2 -0
  25. package/lib/ai-frontier-protocol.js +2 -0
  26. package/lib/ai-input.js +2 -0
  27. package/lib/ai-model-manifest.js +2 -0
  28. package/lib/ai-output.js +2 -0
  29. package/lib/ai-pref.js +2 -0
  30. package/lib/ai-prompt.js +2 -0
  31. package/lib/ai-quota.js +2 -0
  32. package/lib/api-key.js +2 -0
  33. package/lib/api-snapshot.js +2 -0
  34. package/lib/app-shutdown.js +2 -0
  35. package/lib/app.js +2 -0
  36. package/lib/archive-adapters.js +2 -0
  37. package/lib/archive-entry-policy.js +2 -0
  38. package/lib/archive-gz.js +2 -0
  39. package/lib/archive-read.js +2 -0
  40. package/lib/archive-tar-read.js +2 -0
  41. package/lib/archive-tar.js +2 -0
  42. package/lib/archive-wrap.js +2 -0
  43. package/lib/archive.js +2 -0
  44. package/lib/arg-parser.js +2 -0
  45. package/lib/argon2-builtin.js +2 -0
  46. package/lib/asn1-der.js +2 -0
  47. package/lib/asyncapi-bindings.js +2 -0
  48. package/lib/asyncapi-traits.js +2 -0
  49. package/lib/asyncapi.js +2 -0
  50. package/lib/atomic-file.js +2 -0
  51. package/lib/audit-chain.js +2 -0
  52. package/lib/audit-daily-review.js +2 -0
  53. package/lib/audit-emit.js +2 -0
  54. package/lib/audit-sign.js +2 -0
  55. package/lib/audit-tools.js +2 -0
  56. package/lib/audit.js +2 -0
  57. package/lib/auth/aal.js +2 -0
  58. package/lib/auth/access-lock.js +2 -0
  59. package/lib/auth/acr-vocabulary.js +2 -0
  60. package/lib/auth/ato-kill-switch.js +2 -0
  61. package/lib/auth/auth-time-tracker.js +2 -0
  62. package/lib/auth/bot-challenge.js +2 -0
  63. package/lib/auth/ciba.js +2 -0
  64. package/lib/auth/dpop.js +2 -0
  65. package/lib/auth/elevation-grant.js +2 -0
  66. package/lib/auth/fal.js +2 -0
  67. package/lib/auth/fido-mds3.js +2 -0
  68. package/lib/auth/jar.js +2 -0
  69. package/lib/auth/jwt-external.js +2 -0
  70. package/lib/auth/jwt.js +2 -0
  71. package/lib/auth/lockout.js +2 -0
  72. package/lib/auth/oauth.js +84 -17
  73. package/lib/auth/oid4vci.js +2 -0
  74. package/lib/auth/oid4vp.js +2 -0
  75. package/lib/auth/openid-federation.js +2 -0
  76. package/lib/auth/passkey.js +2 -0
  77. package/lib/auth/password.js +2 -0
  78. package/lib/auth/saml.js +30 -5
  79. package/lib/auth/sd-jwt-vc-disclosure.js +2 -0
  80. package/lib/auth/sd-jwt-vc-holder.js +2 -0
  81. package/lib/auth/sd-jwt-vc-issuer.js +2 -0
  82. package/lib/auth/sd-jwt-vc.js +2 -0
  83. package/lib/auth/status-list.js +2 -0
  84. package/lib/auth/step-up-policy.js +2 -0
  85. package/lib/auth/step-up.js +2 -0
  86. package/lib/auth-bot-challenge.js +2 -0
  87. package/lib/auth-header.js +2 -0
  88. package/lib/backup/bundle.js +2 -0
  89. package/lib/backup/crypto.js +2 -0
  90. package/lib/backup/index.js +14 -0
  91. package/lib/backup/manifest.js +2 -0
  92. package/lib/base32.js +2 -0
  93. package/lib/boot-gates.js +2 -0
  94. package/lib/bounded-map.js +2 -0
  95. package/lib/breach-deadline.js +2 -0
  96. package/lib/break-glass.js +2 -0
  97. package/lib/budr.js +2 -0
  98. package/lib/bundler.js +2 -0
  99. package/lib/cache-redis.js +2 -0
  100. package/lib/cache-status.js +2 -0
  101. package/lib/cache.js +2 -0
  102. package/lib/calendar.js +2 -0
  103. package/lib/canonical-json.js +2 -0
  104. package/lib/cbor.js +2 -0
  105. package/lib/cdn-cache-control.js +2 -0
  106. package/lib/cert.js +2 -0
  107. package/lib/chain-writer.js +2 -0
  108. package/lib/circuit-breaker.js +2 -0
  109. package/lib/cli-helpers.js +2 -0
  110. package/lib/cli.js +57 -20
  111. package/lib/client-hints.js +2 -0
  112. package/lib/cloud-events.js +2 -0
  113. package/lib/cluster-provider-db.js +2 -0
  114. package/lib/cluster-storage.js +2 -0
  115. package/lib/cluster.js +2 -0
  116. package/lib/cms-codec.js +2 -0
  117. package/lib/codepoint-class.js +2 -0
  118. package/lib/compliance-ai-act-logging.js +2 -0
  119. package/lib/compliance-ai-act-prohibited.js +2 -0
  120. package/lib/compliance-ai-act-risk.js +2 -0
  121. package/lib/compliance-ai-act-transparency.js +2 -0
  122. package/lib/compliance-ai-act.js +2 -0
  123. package/lib/compliance-eaa.js +2 -0
  124. package/lib/compliance-sanctions-aliases.js +2 -0
  125. package/lib/compliance-sanctions-fetcher.js +2 -0
  126. package/lib/compliance-sanctions-fuzzy.js +2 -0
  127. package/lib/compliance-sanctions.js +2 -0
  128. package/lib/compliance.js +2 -0
  129. package/lib/config-drift.js +2 -0
  130. package/lib/config.js +2 -0
  131. package/lib/consent.js +2 -0
  132. package/lib/constants.js +2 -0
  133. package/lib/content-credentials.js +2 -0
  134. package/lib/content-digest.js +2 -0
  135. package/lib/cookies.js +2 -0
  136. package/lib/cose.js +2 -0
  137. package/lib/cra-report.js +2 -0
  138. package/lib/crdt.js +2 -0
  139. package/lib/credential-hash.js +2 -0
  140. package/lib/crypto-field.js +2 -0
  141. package/lib/crypto-hpke-pq.js +2 -0
  142. package/lib/crypto-hpke.js +2 -0
  143. package/lib/crypto-oprf.js +2 -0
  144. package/lib/crypto-xwing.js +2 -0
  145. package/lib/crypto.js +2 -0
  146. package/lib/csp.js +2 -0
  147. package/lib/csv.js +2 -0
  148. package/lib/cwt.js +2 -0
  149. package/lib/daemon.js +2 -0
  150. package/lib/dark-patterns.js +2 -0
  151. package/lib/data-act.js +2 -0
  152. package/lib/db-collection.js +2 -0
  153. package/lib/db-declare-row-policy.js +2 -0
  154. package/lib/db-declare-view.js +2 -0
  155. package/lib/db-file-lifecycle.js +2 -0
  156. package/lib/db-query.js +2 -0
  157. package/lib/db-role-context.js +2 -0
  158. package/lib/db-schema.js +2 -0
  159. package/lib/db.js +2 -0
  160. package/lib/dbsc.js +2 -0
  161. package/lib/ddl-change-control.js +2 -0
  162. package/lib/deprecate.js +2 -0
  163. package/lib/dev.js +2 -0
  164. package/lib/did.js +2 -0
  165. package/lib/dora.js +2 -0
  166. package/lib/dr-runbook.js +2 -0
  167. package/lib/dsa.js +2 -0
  168. package/lib/dsr.js +2 -0
  169. package/lib/dual-control.js +2 -0
  170. package/lib/early-hints.js +2 -0
  171. package/lib/eat.js +2 -0
  172. package/lib/error-page.js +2 -0
  173. package/lib/events.js +2 -0
  174. package/lib/external-db-migrate.js +2 -0
  175. package/lib/external-db.js +2 -0
  176. package/lib/fapi2.js +2 -0
  177. package/lib/fda-21cfr11.js +2 -0
  178. package/lib/fdx.js +2 -0
  179. package/lib/fedcm.js +2 -0
  180. package/lib/file-type.js +2 -0
  181. package/lib/file-upload.js +2 -0
  182. package/lib/flag-cache.js +2 -0
  183. package/lib/flag-evaluation-context.js +2 -0
  184. package/lib/flag-providers.js +2 -0
  185. package/lib/flag-targeting.js +2 -0
  186. package/lib/flag.js +2 -0
  187. package/lib/forms.js +2 -0
  188. package/lib/framework-error.js +2 -0
  189. package/lib/framework-files.js +2 -0
  190. package/lib/framework-schema.js +2 -0
  191. package/lib/framework-sha1-hibp.js +2 -0
  192. package/lib/fsm.js +2 -0
  193. package/lib/gate-contract.js +2 -0
  194. package/lib/gdpr-ropa.js +2 -0
  195. package/lib/graphql-federation.js +2 -0
  196. package/lib/guard-agent-registry.js +2 -0
  197. package/lib/guard-all.js +2 -0
  198. package/lib/guard-archive.js +2 -0
  199. package/lib/guard-auth.js +2 -0
  200. package/lib/guard-cidr.js +2 -0
  201. package/lib/guard-csv.js +2 -0
  202. package/lib/guard-domain.js +2 -0
  203. package/lib/guard-dsn.js +2 -0
  204. package/lib/guard-email.js +2 -0
  205. package/lib/guard-envelope.js +2 -0
  206. package/lib/guard-event-bus-payload.js +2 -0
  207. package/lib/guard-event-bus-topic.js +2 -0
  208. package/lib/guard-filename.js +2 -0
  209. package/lib/guard-graphql.js +2 -0
  210. package/lib/guard-html-wcag-aria.js +2 -0
  211. package/lib/guard-html-wcag-forms.js +2 -0
  212. package/lib/guard-html-wcag-tables.js +2 -0
  213. package/lib/guard-html-wcag-tagwalk.js +2 -0
  214. package/lib/guard-html-wcag.js +2 -0
  215. package/lib/guard-html.js +2 -0
  216. package/lib/guard-idempotency-key.js +2 -0
  217. package/lib/guard-image.js +2 -0
  218. package/lib/guard-imap-command.js +2 -0
  219. package/lib/guard-jmap.js +2 -0
  220. package/lib/guard-json.js +2 -0
  221. package/lib/guard-jsonpath.js +2 -0
  222. package/lib/guard-jwt.js +2 -0
  223. package/lib/guard-list-id.js +2 -0
  224. package/lib/guard-list-unsubscribe.js +2 -0
  225. package/lib/guard-mail-compose.js +2 -0
  226. package/lib/guard-mail-move.js +2 -0
  227. package/lib/guard-mail-query.js +2 -0
  228. package/lib/guard-mail-reply.js +2 -0
  229. package/lib/guard-mail-sieve.js +2 -0
  230. package/lib/guard-managesieve-command.js +2 -0
  231. package/lib/guard-markdown.js +2 -0
  232. package/lib/guard-message-id.js +2 -0
  233. package/lib/guard-mime.js +2 -0
  234. package/lib/guard-oauth.js +2 -0
  235. package/lib/guard-pdf.js +2 -0
  236. package/lib/guard-pop3-command.js +2 -0
  237. package/lib/guard-posture-chain.js +2 -0
  238. package/lib/guard-regex.js +2 -0
  239. package/lib/guard-saga-config.js +2 -0
  240. package/lib/guard-shell.js +2 -0
  241. package/lib/guard-smtp-command.js +2 -0
  242. package/lib/guard-snapshot-envelope.js +2 -0
  243. package/lib/guard-sql.js +2 -0
  244. package/lib/guard-stream-args.js +2 -0
  245. package/lib/guard-svg.js +2 -0
  246. package/lib/guard-template.js +2 -0
  247. package/lib/guard-tenant-id.js +2 -0
  248. package/lib/guard-text.js +2 -0
  249. package/lib/guard-time.js +2 -0
  250. package/lib/guard-trace-context.js +2 -0
  251. package/lib/guard-uuid.js +2 -0
  252. package/lib/guard-xml.js +2 -0
  253. package/lib/guard-yaml.js +2 -0
  254. package/lib/hal.js +2 -0
  255. package/lib/handlers.js +2 -0
  256. package/lib/honeytoken.js +2 -0
  257. package/lib/html-balance.js +2 -0
  258. package/lib/http-client-cache.js +2 -0
  259. package/lib/http-client-cookie-jar.js +2 -0
  260. package/lib/http-client.js +2 -0
  261. package/lib/http-message-signature.js +2 -0
  262. package/lib/http2-teardown.js +2 -0
  263. package/lib/i18n-messageformat.js +2 -0
  264. package/lib/i18n.js +2 -0
  265. package/lib/iab-mspa.js +2 -0
  266. package/lib/iab-tcf.js +2 -0
  267. package/lib/importmap-integrity.js +2 -0
  268. package/lib/inbox.js +2 -0
  269. package/lib/incident-report.js +2 -0
  270. package/lib/ip-utils.js +2 -0
  271. package/lib/jobs.js +2 -0
  272. package/lib/jose-jwe-experimental.js +2 -0
  273. package/lib/json-merge-patch.js +2 -0
  274. package/lib/json-patch.js +2 -0
  275. package/lib/json-path.js +2 -0
  276. package/lib/json-pointer.js +2 -0
  277. package/lib/json-schema.js +2 -0
  278. package/lib/jsonapi.js +2 -0
  279. package/lib/jtd.js +2 -0
  280. package/lib/jwk.js +2 -0
  281. package/lib/keychain.js +32 -10
  282. package/lib/lazy-require.js +2 -0
  283. package/lib/legal-hold.js +2 -0
  284. package/lib/link-header.js +2 -0
  285. package/lib/local-db-thin.js +2 -0
  286. package/lib/log-stream-cloudwatch.js +2 -0
  287. package/lib/log-stream-local.js +2 -0
  288. package/lib/log-stream-otlp-grpc.js +2 -0
  289. package/lib/log-stream-otlp.js +2 -0
  290. package/lib/log-stream-syslog.js +2 -0
  291. package/lib/log-stream-webhook.js +2 -0
  292. package/lib/log-stream.js +2 -0
  293. package/lib/log.js +2 -0
  294. package/lib/lro.js +2 -0
  295. package/lib/mail-agent.js +2 -0
  296. package/lib/mail-arc-reuse-token.js +2 -0
  297. package/lib/mail-arc-sign.js +2 -0
  298. package/lib/mail-arf.js +2 -0
  299. package/lib/mail-auth.js +7 -1
  300. package/lib/mail-bimi.js +2 -0
  301. package/lib/mail-bounce.js +2 -0
  302. package/lib/mail-crypto-pgp.js +2 -0
  303. package/lib/mail-crypto-smime.js +2 -0
  304. package/lib/mail-crypto.js +2 -0
  305. package/lib/mail-dav.js +2 -0
  306. package/lib/mail-deploy.js +2 -0
  307. package/lib/mail-dkim.js +2 -0
  308. package/lib/mail-greylist.js +2 -0
  309. package/lib/mail-helo.js +2 -0
  310. package/lib/mail-journal.js +2 -0
  311. package/lib/mail-mdn.js +2 -0
  312. package/lib/mail-rbl.js +2 -0
  313. package/lib/mail-require-tls.js +2 -0
  314. package/lib/mail-scan.js +2 -0
  315. package/lib/mail-send-deliver.js +2 -0
  316. package/lib/mail-server-imap.js +2 -0
  317. package/lib/mail-server-jmap.js +2 -0
  318. package/lib/mail-server-managesieve.js +2 -0
  319. package/lib/mail-server-mx.js +2 -0
  320. package/lib/mail-server-net.js +2 -0
  321. package/lib/mail-server-pop3.js +2 -0
  322. package/lib/mail-server-rate-limit.js +2 -0
  323. package/lib/mail-server-registry.js +2 -0
  324. package/lib/mail-server-submission.js +2 -0
  325. package/lib/mail-server-tls.js +2 -0
  326. package/lib/mail-sieve.js +2 -0
  327. package/lib/mail-spam-score.js +2 -0
  328. package/lib/mail-srs.js +2 -0
  329. package/lib/mail-store-fts.js +2 -0
  330. package/lib/mail-store.js +2 -0
  331. package/lib/mail-unsubscribe.js +2 -0
  332. package/lib/mail.js +2 -0
  333. package/lib/markup-escape.js +2 -0
  334. package/lib/markup-tokenizer.js +2 -0
  335. package/lib/mcp-tool-registry.js +2 -0
  336. package/lib/mcp.js +2 -0
  337. package/lib/mdoc.js +2 -0
  338. package/lib/metrics.js +2 -0
  339. package/lib/middleware/age-gate.js +2 -0
  340. package/lib/middleware/ai-act-disclosure.js +2 -0
  341. package/lib/middleware/api-encrypt.js +2 -0
  342. package/lib/middleware/assetlinks.js +2 -0
  343. package/lib/middleware/asyncapi-serve.js +2 -0
  344. package/lib/middleware/attach-user.js +2 -0
  345. package/lib/middleware/bearer-auth.js +2 -0
  346. package/lib/middleware/body-parser.js +2 -0
  347. package/lib/middleware/bot-disclose.js +2 -0
  348. package/lib/middleware/bot-guard.js +2 -0
  349. package/lib/middleware/clear-site-data.js +2 -0
  350. package/lib/middleware/compose-pipeline.js +2 -0
  351. package/lib/middleware/compression.js +2 -0
  352. package/lib/middleware/cookies.js +2 -0
  353. package/lib/middleware/cors.js +2 -0
  354. package/lib/middleware/csp-nonce.js +2 -0
  355. package/lib/middleware/csp-report.js +2 -0
  356. package/lib/middleware/csrf-protect.js +2 -0
  357. package/lib/middleware/daily-byte-quota.js +2 -0
  358. package/lib/middleware/db-role-for.js +2 -0
  359. package/lib/middleware/deny-response.js +2 -0
  360. package/lib/middleware/dpop.js +2 -0
  361. package/lib/middleware/error-handler.js +2 -0
  362. package/lib/middleware/fetch-metadata.js +2 -0
  363. package/lib/middleware/flag-context.js +2 -0
  364. package/lib/middleware/gpc.js +2 -0
  365. package/lib/middleware/headers.js +2 -0
  366. package/lib/middleware/health.js +2 -0
  367. package/lib/middleware/host-allowlist.js +2 -0
  368. package/lib/middleware/idempotency-key.js +2 -0
  369. package/lib/middleware/index.js +2 -0
  370. package/lib/middleware/nel.js +2 -0
  371. package/lib/middleware/network-allowlist.js +2 -0
  372. package/lib/middleware/no-cache.js +2 -0
  373. package/lib/middleware/openapi-serve.js +2 -0
  374. package/lib/middleware/protected-resource-metadata.js +2 -0
  375. package/lib/middleware/rate-limit.js +2 -0
  376. package/lib/middleware/request-id.js +2 -0
  377. package/lib/middleware/request-log.js +2 -0
  378. package/lib/middleware/require-aal.js +2 -0
  379. package/lib/middleware/require-auth.js +2 -0
  380. package/lib/middleware/require-bound-key.js +2 -0
  381. package/lib/middleware/require-content-type.js +2 -0
  382. package/lib/middleware/require-methods.js +2 -0
  383. package/lib/middleware/require-mtls.js +2 -0
  384. package/lib/middleware/require-step-up.js +2 -0
  385. package/lib/middleware/scim-server.js +2 -0
  386. package/lib/middleware/security-headers.js +2 -0
  387. package/lib/middleware/security-txt.js +2 -0
  388. package/lib/middleware/span-http-server.js +2 -0
  389. package/lib/middleware/speculation-rules.js +2 -0
  390. package/lib/middleware/sse.js +2 -0
  391. package/lib/middleware/trace-log-correlation.js +2 -0
  392. package/lib/middleware/trace-propagate.js +2 -0
  393. package/lib/middleware/tus-upload.js +2 -0
  394. package/lib/middleware/web-app-manifest.js +2 -0
  395. package/lib/migration-files.js +2 -0
  396. package/lib/migrations.js +2 -0
  397. package/lib/mime-parse.js +2 -0
  398. package/lib/module-loader.js +2 -0
  399. package/lib/money.js +2 -0
  400. package/lib/mtls-ca.js +2 -0
  401. package/lib/mtls-engine-default.js +2 -0
  402. package/lib/network-byte-quota.js +2 -0
  403. package/lib/network-dane.js +2 -0
  404. package/lib/network-dns-resolver.js +2 -0
  405. package/lib/network-dns.js +2 -0
  406. package/lib/network-dnssec.js +2 -0
  407. package/lib/network-heartbeat.js +2 -0
  408. package/lib/network-nts.js +2 -0
  409. package/lib/network-proxy.js +2 -0
  410. package/lib/network-smtp-policy.js +6 -1
  411. package/lib/network-tls.js +2 -0
  412. package/lib/network-tsig.js +2 -0
  413. package/lib/network.js +2 -0
  414. package/lib/nis2-report.js +2 -0
  415. package/lib/nist-crosswalk.js +2 -0
  416. package/lib/nonce-store.js +2 -0
  417. package/lib/notify.js +2 -0
  418. package/lib/ntp-check.js +2 -0
  419. package/lib/numeric-bounds.js +2 -0
  420. package/lib/numeric-checks.js +2 -0
  421. package/lib/object-store/azure-blob-bucket-ops.js +2 -0
  422. package/lib/object-store/azure-blob.js +2 -0
  423. package/lib/object-store/gcs-bucket-ops.js +2 -0
  424. package/lib/object-store/gcs.js +2 -0
  425. package/lib/object-store/http-put.js +2 -0
  426. package/lib/object-store/http-request.js +2 -0
  427. package/lib/object-store/index.js +2 -0
  428. package/lib/object-store/local.js +2 -0
  429. package/lib/object-store/sigv4-bucket-ops.js +2 -0
  430. package/lib/object-store/sigv4.js +2 -0
  431. package/lib/observability-otlp-exporter.js +2 -0
  432. package/lib/observability-tracer.js +2 -0
  433. package/lib/observability.js +2 -0
  434. package/lib/openapi-paths-builder.js +2 -0
  435. package/lib/openapi-schema-walk.js +2 -0
  436. package/lib/openapi-security.js +2 -0
  437. package/lib/openapi-yaml.js +2 -0
  438. package/lib/openapi.js +2 -0
  439. package/lib/otel-export.js +2 -0
  440. package/lib/outbox.js +2 -0
  441. package/lib/pagination.js +2 -0
  442. package/lib/parsers/index.js +2 -0
  443. package/lib/parsers/safe-env.js +2 -0
  444. package/lib/parsers/safe-ini.js +2 -0
  445. package/lib/parsers/safe-toml.js +2 -0
  446. package/lib/parsers/safe-xml.js +2 -0
  447. package/lib/parsers/safe-yaml.js +2 -0
  448. package/lib/permissions.js +2 -0
  449. package/lib/pick.js +2 -0
  450. package/lib/pipl-cn.js +2 -0
  451. package/lib/pqc-agent.js +2 -0
  452. package/lib/pqc-gate.js +2 -0
  453. package/lib/pqc-software.js +2 -0
  454. package/lib/privacy-pass.js +2 -0
  455. package/lib/privacy.js +2 -0
  456. package/lib/problem-details.js +2 -0
  457. package/lib/process-spawn.js +2 -0
  458. package/lib/promise-pool.js +2 -0
  459. package/lib/protobuf-encoder.js +2 -0
  460. package/lib/protocol-dispatcher.js +2 -0
  461. package/lib/public-suffix.js +2 -0
  462. package/lib/pubsub-cluster.js +2 -0
  463. package/lib/pubsub-redis.js +2 -0
  464. package/lib/pubsub.js +2 -0
  465. package/lib/queue-local.js +2 -0
  466. package/lib/queue-redis.js +2 -0
  467. package/lib/queue-sqs.js +2 -0
  468. package/lib/queue.js +2 -0
  469. package/lib/redact.js +2 -0
  470. package/lib/redis-client.js +2 -0
  471. package/lib/render.js +2 -0
  472. package/lib/request-helpers.js +2 -0
  473. package/lib/resource-access-lock.js +2 -0
  474. package/lib/restore-bundle.js +2 -0
  475. package/lib/restore-rollback.js +2 -0
  476. package/lib/restore.js +2 -0
  477. package/lib/retention.js +2 -0
  478. package/lib/retry.js +2 -0
  479. package/lib/rfc3339.js +2 -0
  480. package/lib/router.js +83 -18
  481. package/lib/safe-archive.js +2 -0
  482. package/lib/safe-async.js +2 -0
  483. package/lib/safe-buffer.js +2 -0
  484. package/lib/safe-decompress.js +2 -0
  485. package/lib/safe-dns.js +2 -0
  486. package/lib/safe-ical.js +2 -0
  487. package/lib/safe-icap.js +2 -0
  488. package/lib/safe-json.js +2 -0
  489. package/lib/safe-jsonpath.js +2 -0
  490. package/lib/safe-mime.js +2 -0
  491. package/lib/safe-mount-info.js +2 -0
  492. package/lib/safe-path.js +2 -0
  493. package/lib/safe-redirect.js +2 -0
  494. package/lib/safe-schema.js +2 -0
  495. package/lib/safe-sieve.js +2 -0
  496. package/lib/safe-smtp.js +2 -0
  497. package/lib/safe-sql.js +2 -0
  498. package/lib/safe-url.js +2 -0
  499. package/lib/safe-vcard.js +2 -0
  500. package/lib/sandbox-worker.js +2 -0
  501. package/lib/sandbox.js +2 -0
  502. package/lib/scheduler.js +2 -0
  503. package/lib/scitt.js +2 -0
  504. package/lib/sd-notify.js +2 -0
  505. package/lib/sec-cyber.js +2 -0
  506. package/lib/security-assert.js +2 -0
  507. package/lib/seeders.js +2 -0
  508. package/lib/self-update-standalone-verifier.js +2 -0
  509. package/lib/self-update.js +2 -0
  510. package/lib/server-timing.js +2 -0
  511. package/lib/session-device-binding.js +2 -0
  512. package/lib/session-stores.js +2 -0
  513. package/lib/session.js +2 -0
  514. package/lib/slug.js +2 -0
  515. package/lib/sql.js +2 -0
  516. package/lib/sse.js +2 -0
  517. package/lib/ssrf-guard.js +2 -0
  518. package/lib/standard-webhooks.js +2 -0
  519. package/lib/static.js +2 -0
  520. package/lib/storage.js +2 -0
  521. package/lib/stream-throttle.js +2 -0
  522. package/lib/structured-fields.js +2 -0
  523. package/lib/subject.js +2 -0
  524. package/lib/tcpa-10dlc.js +2 -0
  525. package/lib/template.js +2 -0
  526. package/lib/tenant-quota.js +2 -0
  527. package/lib/test-harness.js +2 -0
  528. package/lib/testing.js +2 -0
  529. package/lib/time.js +2 -0
  530. package/lib/tls-exporter.js +2 -0
  531. package/lib/totp.js +2 -0
  532. package/lib/tracing.js +2 -0
  533. package/lib/tsa.js +2 -0
  534. package/lib/uri-template.js +2 -0
  535. package/lib/uuid.js +2 -0
  536. package/lib/validate-opts.js +2 -0
  537. package/lib/vault/index.js +2 -0
  538. package/lib/vault/passphrase-ops.js +2 -0
  539. package/lib/vault/passphrase-source.js +2 -0
  540. package/lib/vault/rotate.js +2 -0
  541. package/lib/vault/seal-pem-file.js +2 -0
  542. package/lib/vault/wrap.js +2 -0
  543. package/lib/vault-aad.js +2 -0
  544. package/lib/vc.js +2 -0
  545. package/lib/vendor-data.js +2 -0
  546. package/lib/vex.js +2 -0
  547. package/lib/watcher.js +2 -0
  548. package/lib/web-push-vapid.js +2 -0
  549. package/lib/webhook-dispatcher.js +2 -0
  550. package/lib/webhook.js +2 -0
  551. package/lib/websocket-channels.js +2 -0
  552. package/lib/websocket.js +2 -0
  553. package/lib/wiki-concepts.js +2 -0
  554. package/lib/worker-pool.js +2 -0
  555. package/lib/worm.js +2 -0
  556. package/lib/ws-client.js +2 -0
  557. package/lib/x509-chain.js +2 -0
  558. package/lib/xml-c14n.js +2 -0
  559. package/package.json +1 -1
  560. package/sbom.cdx.json +6 -6
package/lib/auth/oauth.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * oauth — OAuth 2 / OIDC client.
@@ -959,7 +961,11 @@ async function verifyClientAttestation(attestationJwt, popJwt, vopts) {
959
961
  throw new OAuthError("auth-oauth/attestation-pop-seen-callback-failed",
960
962
  "client-attestation-pop: seenJti() callback threw: " + ((e && e.message) || String(e)));
961
963
  }
962
- if (unseen === false) {
964
+ // Fail closed on ANY non-truthy result. The contract is "returns truthy
965
+ // when UNSEEN"; an operator store fronting Redis EXISTS / SISMEMBER or a
966
+ // SQL COUNT returns 0 (falsy, not `false`) on a replay, so an
967
+ // `=== false` comparison would miss it and accept the replayed PoP.
968
+ if (!unseen) {
963
969
  throw new OAuthError("auth-oauth/attestation-pop-replay",
964
970
  "client-attestation-pop: jti already seen (replay refused, draft §12.1)");
965
971
  }
@@ -980,6 +986,47 @@ function _constantTimeStrEq(a, b) {
980
986
  return cryptoTimingSafeEqual(a, b);
981
987
  }
982
988
 
989
+ // Framework-managed authorization-request parameters. Operator-supplied
990
+ // extraParams may not carry any of these — the builder generates them and
991
+ // RETURNS the security-critical ones (state, PKCE verifier/challenge) to the
992
+ // caller, so an extraParams override would silently diverge the returned
993
+ // values from what the URL/PAR body actually carries (a broken CSRF / PKCE
994
+ // binding). Covers redirect target, client identity, requested response,
995
+ // scope, state, nonce, PKCE challenge, response mode, RAR details, and the
996
+ // JAR request container.
997
+ var RESERVED_AUTHZ_PARAMS = {
998
+ "response_type": 1,
999
+ "client_id": 1,
1000
+ "redirect_uri": 1,
1001
+ "scope": 1,
1002
+ "state": 1,
1003
+ "nonce": 1,
1004
+ "code_challenge": 1,
1005
+ "code_challenge_method": 1,
1006
+ "response_mode": 1,
1007
+ "authorization_details": 1,
1008
+ "request": 1,
1009
+ "request_uri": 1,
1010
+ };
1011
+
1012
+ // Refuse operator-supplied extraParams keys that collide with a framework-
1013
+ // managed parameter. extraParams is operator-controlled, so a collision is a
1014
+ // config-time bug (a library merge / copy-paste) — refuse it loudly rather
1015
+ // than let it shadow a value the framework generated and returned. Fail
1016
+ // closed; shared by authorizationUrl, pushAuthorizationRequest, and
1017
+ // endSessionUrl so every URL/PAR builder guards the same way.
1018
+ function _assertNoReservedExtraParams(extraParams, reserved, errCode, ctx) {
1019
+ if (!extraParams || typeof extraParams !== "object") return;
1020
+ var ek = Object.keys(extraParams);
1021
+ for (var i = 0; i < ek.length; i++) {
1022
+ if (Object.prototype.hasOwnProperty.call(reserved, ek[i])) {
1023
+ throw new OAuthError(errCode,
1024
+ ctx + ": extraParams key '" + ek[i] + "' collides with a " +
1025
+ "framework-managed parameter — pass it through the named option instead");
1026
+ }
1027
+ }
1028
+ }
1029
+
983
1030
  // ---- core ----
984
1031
 
985
1032
  function create(opts) {
@@ -1259,7 +1306,14 @@ function create(opts) {
1259
1306
  params.set("authorization_details", JSON.stringify(requestedAuthzDetails));
1260
1307
  }
1261
1308
  // Operator-supplied additional params (audience, resource, etc.).
1309
+ // Refuse keys that collide with a framework-managed parameter so an
1310
+ // operator typo / library-merge can't shadow the redirect_uri / state /
1311
+ // code_challenge the builder generated and returned — which would
1312
+ // silently diverge the returned {state, verifier} from the URL and
1313
+ // break the CSRF / PKCE binding.
1262
1314
  if (uopts.extraParams && typeof uopts.extraParams === "object") {
1315
+ _assertNoReservedExtraParams(uopts.extraParams, RESERVED_AUTHZ_PARAMS,
1316
+ "auth-oauth/reserved-extra-param", "authorizationUrl");
1263
1317
  var ek = Object.keys(uopts.extraParams);
1264
1318
  for (var i = 0; i < ek.length; i++) params.set(ek[i], String(uopts.extraParams[ek[i]]));
1265
1319
  }
@@ -1371,23 +1425,30 @@ function create(opts) {
1371
1425
  throw new OAuthError("auth-oauth/seen-callback-failed",
1372
1426
  "refreshAccessToken: checkAndInsert() callback threw: " + ((e && e.message) || String(e)));
1373
1427
  }
1374
- // Spec contract: inserted===true → first sighting (OK);
1375
- // inserted===false → replay. v0.9.3 had this inverted, which
1376
- // broke every first refresh attempt for operators reusing an
1377
- // existing b.nonceStore-style backend.
1378
- alreadySeen = inserted === false;
1428
+ // Spec contract: a TRUTHY result → first sighting (the value was
1429
+ // inserted, OK); a FALSY result → replay. v0.9.3 had this inverted,
1430
+ // which broke every first refresh attempt for operators reusing an
1431
+ // existing b.nonceStore-style backend. Test truthiness, not an
1432
+ // `=== false` literal: a store fronting Redis SETNX / SQL INSERT
1433
+ // returns 0 (falsy, not `false`) when the row already existed, so
1434
+ // an exact-literal compare would miss the replay and fail OPEN.
1435
+ alreadySeen = !inserted;
1379
1436
  } else if (typeof ropts.seen === "function") {
1380
1437
  // Legacy non-atomic path. Documented as a check-then-act race;
1381
1438
  // operators sharing a single-writer store (Redis SETNX, DB
1382
1439
  // INSERT ON CONFLICT) MUST migrate to checkAndInsert. Stays
1383
1440
  // here for backwards-compat with existing operator code.
1441
+ // Legacy contract: truthy → the token was presented before (replay).
1442
+ // The value is used by truthiness at the gate below, so a store
1443
+ // returning 1 from Redis EXISTS / a SQL COUNT is honored as "seen"
1444
+ // instead of being missed by an `=== true` literal compare.
1384
1445
  try { alreadySeen = await ropts.seen(refreshToken); }
1385
1446
  catch (e) {
1386
1447
  throw new OAuthError("auth-oauth/seen-callback-failed",
1387
1448
  "refreshAccessToken: seen() callback threw: " + ((e && e.message) || String(e)));
1388
1449
  }
1389
1450
  }
1390
- if (alreadySeen === true) {
1451
+ if (alreadySeen) {
1391
1452
  throw new OAuthError("auth-oauth/refresh-token-replay",
1392
1453
  "refreshAccessToken: refresh token has been presented before — refused " +
1393
1454
  "(OAuth 2.1 §6.1 / RFC 9700 §4.13 one-time-use defense). The operator MUST " +
@@ -2010,15 +2071,10 @@ function create(opts) {
2010
2071
  "ui_locales": 1,
2011
2072
  "client_id": 1,
2012
2073
  };
2074
+ _assertNoReservedExtraParams(uopts.extraParams, RESERVED_END_SESSION_PARAMS,
2075
+ "auth-oauth/end-session-reserved-extra-param", "endSessionUrl");
2013
2076
  var ek = Object.keys(uopts.extraParams);
2014
- for (var i = 0; i < ek.length; i++) {
2015
- if (RESERVED_END_SESSION_PARAMS[ek[i]]) {
2016
- throw new OAuthError("auth-oauth/end-session-reserved-extra-param",
2017
- "endSessionUrl: extraParams key '" + ek[i] + "' collides with a first-class " +
2018
- "RP-Init Logout parameter — pass it through the named field instead");
2019
- }
2020
- params.set(ek[i], String(uopts.extraParams[ek[i]]));
2021
- }
2077
+ for (var i = 0; i < ek.length; i++) params.set(ek[i], String(uopts.extraParams[ek[i]]));
2022
2078
  }
2023
2079
  var qs = params.toString();
2024
2080
  if (qs.length === 0) return endpoint;
@@ -2106,6 +2162,11 @@ function create(opts) {
2106
2162
  : JSON.stringify(requestedAuthzDetails); // form param — JSON string
2107
2163
  }
2108
2164
  if (uopts.extraParams && typeof uopts.extraParams === "object") {
2165
+ // Same reserved-key guard as authorizationUrl — a PAR request pushes
2166
+ // the identical security-critical parameter set, so extraParams may
2167
+ // not shadow redirect_uri / state / code_challenge here either.
2168
+ _assertNoReservedExtraParams(uopts.extraParams, RESERVED_AUTHZ_PARAMS,
2169
+ "auth-oauth/reserved-extra-param", "pushAuthorizationRequest");
2109
2170
  var ek = Object.keys(uopts.extraParams);
2110
2171
  for (var i = 0; i < ek.length; i++) authzParams[ek[i]] = String(uopts.extraParams[ek[i]]);
2111
2172
  }
@@ -2352,7 +2413,10 @@ function create(opts) {
2352
2413
  "verifyBackchannelLogoutToken: atomicReplayStore.checkAndInsert threw: " +
2353
2414
  ((e && e.message) || String(e)));
2354
2415
  }
2355
- if (inserted === false) {
2416
+ // Fail closed on ANY non-truthy result. A store fronting SETNX / an
2417
+ // ON-CONFLICT INSERT returns 0 (falsy, not `false`) on a duplicate,
2418
+ // so an `=== false` compare would miss the replay.
2419
+ if (!inserted) {
2356
2420
  throw new OAuthError("auth-oauth/logout-token-replay",
2357
2421
  "verifyBackchannelLogoutToken: jti '" + claims.jti +
2358
2422
  "' already seen — replay refused (atomic)");
@@ -2368,7 +2432,10 @@ function create(opts) {
2368
2432
  throw new OAuthError("auth-oauth/seen-callback-failed",
2369
2433
  "verifyBackchannelLogoutToken: seen() callback threw: " + ((e && e.message) || String(e)));
2370
2434
  }
2371
- if (first === false) {
2435
+ // Fail closed on ANY non-truthy result — `seen()` returns truthy the
2436
+ // first time it sees the (jti, iss) pair; a store returning 0 for a
2437
+ // duplicate must still refuse, which an `=== false` compare would miss.
2438
+ if (!first) {
2372
2439
  throw new OAuthError("auth-oauth/logout-token-replay",
2373
2440
  "verifyBackchannelLogoutToken: jti already seen — replay refused");
2374
2441
  }
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.auth.oid4vci
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.auth.oid4vp
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.auth.openidFederation
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * Passkey / WebAuthn (FIDO2) — registration + authentication primitives.
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * Argon2id password hashing — public framework primitive.
package/lib/auth/saml.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.auth.saml
@@ -1050,7 +1052,7 @@ function create(opts) {
1050
1052
  "parseLogoutRequest: inflate failed: " + ((e && e.message) || String(e)));
1051
1053
  }
1052
1054
  // Verify the redirect-binding signature when an IdP key is supplied.
1053
- if (vopts.idpVerifyKey) {
1055
+ if (_verifyConfig(vopts.idpVerifyKey, vopts.idpVerifyAlg, "parseLogoutRequest")) {
1054
1056
  if (typeof vopts.queryString !== "string") {
1055
1057
  throw new AuthError("auth-saml/no-query-string",
1056
1058
  "parseLogoutRequest: idpVerifyKey requires queryString (raw URL query)");
@@ -1238,7 +1240,7 @@ function create(opts) {
1238
1240
  throw new AuthError("auth-saml/bad-saml-response",
1239
1241
  "parseLogoutResponse: inflate failed: " + ((e && e.message) || String(e)));
1240
1242
  }
1241
- if (vopts.idpVerifyKey) {
1243
+ if (_verifyConfig(vopts.idpVerifyKey, vopts.idpVerifyAlg, "parseLogoutResponse")) {
1242
1244
  if (typeof vopts.queryString !== "string") {
1243
1245
  throw new AuthError("auth-saml/no-query-string",
1244
1246
  "parseLogoutResponse: idpVerifyKey requires queryString");
@@ -1410,7 +1412,7 @@ function create(opts) {
1410
1412
  "parseLogoutRequestPost: samlRequestB64 must be a non-empty string");
1411
1413
  }
1412
1414
  var xml = Buffer.from(samlRequestB64, "base64").toString("utf8");
1413
- if (vopts.idpVerifyKey || vopts.idpVerifyAlg) {
1415
+ if (_verifyConfig(vopts.idpVerifyKey, vopts.idpVerifyAlg, "parseLogoutRequestPost")) {
1414
1416
  _verifyEmbeddedXmlDsig(xml, vopts.idpVerifyKey, vopts.idpVerifyAlg, "LogoutRequest");
1415
1417
  }
1416
1418
  var c14n = xmlC14n();
@@ -1532,7 +1534,7 @@ function create(opts) {
1532
1534
  "parseLogoutResponseSoap: soap:Body is empty");
1533
1535
  }
1534
1536
  var innerXml = Buffer.from(c14n.canonicalize(inner)).toString("utf8");
1535
- if (vopts.idpVerifyKey || vopts.idpVerifyAlg) {
1537
+ if (_verifyConfig(vopts.idpVerifyKey, vopts.idpVerifyAlg, "parseLogoutResponseSoap")) {
1536
1538
  _verifyEmbeddedXmlDsig(innerXml, vopts.idpVerifyKey, vopts.idpVerifyAlg, "LogoutResponse");
1537
1539
  }
1538
1540
  var innerLocal = inner.name.split(":").pop();
@@ -1864,8 +1866,31 @@ function _embedXmlDsig(bodyXml, refId, signingKey, signingAlg) {
1864
1866
  return bodyXml.substring(0, splitAt) + sigEl + bodyXml.substring(splitAt);
1865
1867
  }
1866
1868
 
1869
+ // SLO verification-config gate. Presence of EITHER idpVerifyKey or
1870
+ // idpVerifyAlg signals the operator intends to verify the inbound
1871
+ // message; a half-supplied pair is a configuration error, never a
1872
+ // license to skip the signature check. Returns true when both are
1873
+ // present (verify), false when neither is (verification not requested),
1874
+ // and throws — fail closed — when exactly one is present, so a
1875
+ // fat-fingered verifier can never silently accept a forged, unsigned
1876
+ // LogoutRequest / LogoutResponse. Every SLO parse path (HTTP-Redirect,
1877
+ // HTTP-POST, SOAP) routes its verify decision through this one gate so
1878
+ // the redirect and back-channel bindings agree on fail-closed behavior.
1879
+ function _verifyConfig(idpVerifyKey, idpVerifyAlg, ctx) {
1880
+ if (!idpVerifyKey && !idpVerifyAlg) return false;
1881
+ if (!idpVerifyKey) {
1882
+ throw new AuthError("auth-saml/no-verify-key",
1883
+ ctx + ": idpVerifyAlg supplied without idpVerifyKey — verification cannot proceed");
1884
+ }
1885
+ if (!idpVerifyAlg) {
1886
+ throw new AuthError("auth-saml/no-verify-alg",
1887
+ ctx + ": idpVerifyKey supplied without idpVerifyAlg (alg is required when key is supplied)");
1888
+ }
1889
+ return true;
1890
+ }
1891
+
1867
1892
  function _verifyEmbeddedXmlDsig(xml, idpVerifyKey, idpVerifyAlg, expectedRootLocal) {
1868
- if (!idpVerifyKey || !idpVerifyAlg) return;
1893
+ if (!_verifyConfig(idpVerifyKey, idpVerifyAlg, "_verifyEmbeddedXmlDsig")) return;
1869
1894
  var sigAlgUrn = _sigAlgUrn(idpVerifyAlg);
1870
1895
  if (!sigAlgUrn) {
1871
1896
  throw new AuthError("auth-saml/bad-verify-alg",
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * SD-JWT VC disclosure encoding/decoding helper.
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * b.auth.sdJwtVc.holder — operator-side holder/wallet helper.
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * b.auth.sdJwtVc.issuer — operator-side SD-JWT VC issuer factory.
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * b.auth.sdJwtVc — Selective Disclosure JWT for Verifiable Credentials
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * OAuth Token Status List (draft-ietf-oauth-status-list-20).
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * Step-up policy DSL — compose RFC 9470 step-up requirements as a
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * RFC 9470 — OAuth 2.0 Step-Up Authentication Challenge.
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.authBotChallenge
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.authHeader
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * backup-bundle — produce an encrypted backup bundle on disk.
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * backup-crypto — passphrase-based symmetric crypto for backup files.
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.backup
@@ -1176,7 +1178,19 @@ function bundleAdapterStorage(opts) {
1176
1178
  "the adapter — the wrap layer composes only with tar / tar.gz bundles. Per-file " +
1177
1179
  "encryption for directory format is a future patch alongside the _crypto-base.js refactor.");
1178
1180
  }
1181
+ // Mirror create()'s ambient-posture read (see the create() encryption
1182
+ // gate above): an explicit opts.posture wins, but when it is unset the
1183
+ // globally-pinned compliance posture (b.compliance.set(...)) still drives
1184
+ // the encryption-required gate. Without this fallback a deployment that
1185
+ // pins HIPAA / PCI-DSS once and constructs the store with the documented
1186
+ // default ({ adapter }, cryptoStrategy defaulting to "none") slips a
1187
+ // plaintext bundle store past a gate create() enforces on encrypt:false —
1188
+ // an asymmetric fail-open under the same regulated posture.
1179
1189
  var posture = opts.posture;
1190
+ if (posture === undefined || posture === null) {
1191
+ try { posture = compliance().current(); }
1192
+ catch (_e) { posture = null; } // compliance optional at construction time
1193
+ }
1180
1194
  if (posture && BACKUP_ENCRYPTION_REQUIRED_POSTURES.indexOf(posture) !== -1) {
1181
1195
  if (cryptoStrategy === "none") {
1182
1196
  throw new BackupError("backup/posture-requires-encryption",
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * backup-manifest — schema + validation for backup bundle manifests.
package/lib/base32.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.base32
package/lib/boot-gates.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.bootGates
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * bounded-map — a Map facade that caps its entry count.
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * b.breach.deadline + b.breach.report — US state breach-notification
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.breakGlass
package/lib/budr.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.budr
package/lib/bundler.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.bundler
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * Redis-backed cache backend for b.cache.
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.cacheStatus
package/lib/cache.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.cache
package/lib/calendar.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.calendar
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.canonicalJson
package/lib/cbor.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.cbor
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.cdnCacheControl
package/lib/cert.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.cert
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.chainWriter
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.circuitBreaker
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.cliHelpers
package/lib/cli.js CHANGED
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * cli — the engine behind `blamejs` on the command line.
@@ -346,6 +348,44 @@ function _coerceList(val) {
346
348
  return Array.isArray(val) ? val.slice() : [val];
347
349
  }
348
350
 
351
+ // Compile one operator-supplied `dev --ignore` pattern to a RegExp,
352
+ // refusing (with a CliError the caller converts to exit 2) any pattern
353
+ // that is over-length, a ReDoS catastrophic-backtracking shape, or one
354
+ // RegExp() itself can't compile. Every refusal shape raises the same
355
+ // CliError type so a single caller-side catch takes the standard
356
+ // exit-2 + stderr path.
357
+ function _compileIgnorePattern(s) {
358
+ var str = String(s);
359
+ if (str.length > MAX_IGNORE_PATTERN_LENGTH) {
360
+ throw new CliError("cli/bad-ignore-pattern",
361
+ "blamejs dev: --ignore pattern exceeds max length " +
362
+ MAX_IGNORE_PATTERN_LENGTH + " (got " + str.length + ")");
363
+ }
364
+ // ReDoS / catastrophic-backtracking defense — refuses nested-quant
365
+ // (CVE-2024-21538 class), consecutive-* (CVE-2026-26996), nested
366
+ // extglob (CVE-2026-33671), and lookaround-quant shapes before the
367
+ // pattern reaches RegExp(). Operator typo / hostile-input identical
368
+ // shape from here on — both want the same refusal.
369
+ try {
370
+ guardRegex.sanitize(str, { profile: "strict" });
371
+ } catch (e) {
372
+ throw new CliError("cli/bad-ignore-pattern",
373
+ "blamejs dev: --ignore pattern refused by guardRegex: " +
374
+ ((e && e.message) || String(e)));
375
+ }
376
+ // A pattern that clears the ReDoS screen can still be un-compilable
377
+ // (unbalanced group, dangling quantifier). RegExp() throws a
378
+ // SyntaxError here — route it through the same refusal, not up to a
379
+ // main() rejection.
380
+ try {
381
+ return RegExp(str);
382
+ } catch (e) {
383
+ throw new CliError("cli/bad-ignore-pattern",
384
+ "blamejs dev: --ignore pattern is not a valid regular expression: " +
385
+ ((e && e.message) || String(e)));
386
+ }
387
+ }
388
+
349
389
  async function _runDev(args, ctx) {
350
390
  if (args.flags.help || args.flags.h) {
351
391
  _writeLine(ctx.stdout, DEV_USAGE);
@@ -359,27 +399,24 @@ async function _runDev(args, ctx) {
359
399
  }
360
400
  var argList = _coerceList(args.flags.arg).map(String);
361
401
  var watchList = _coerceList(args.flags.watch).map(String);
362
- var ignoreList = _coerceList(args.flags.ignore).map(function (s) {
363
- var str = String(s);
364
- if (str.length > MAX_IGNORE_PATTERN_LENGTH) {
365
- throw new CliError("cli/bad-ignore-pattern",
366
- "blamejs dev: --ignore pattern exceeds max length " +
367
- MAX_IGNORE_PATTERN_LENGTH + " (got " + str.length + ")");
368
- }
369
- // ReDoS / catastrophic-backtracking defense refuses nested-quant
370
- // (CVE-2024-21538 class), consecutive-* (CVE-2026-26996), nested
371
- // extglob (CVE-2026-33671), and lookaround-quant shapes before the
372
- // pattern reaches RegExp(). Operator typo / hostile-input identical
373
- // shape from here on — both want the same refusal.
374
- try {
375
- guardRegex.sanitize(str, { profile: "strict" });
376
- } catch (e) {
377
- throw new CliError("cli/bad-ignore-pattern",
378
- "blamejs dev: --ignore pattern refused by guardRegex: " +
379
- ((e && e.message) || String(e)));
402
+ // --ignore validation is operator-input validation, not an internal
403
+ // fault: a refused pattern must take the same exit-2 + stderr path
404
+ // every other dev flag uses, never reject main()'s awaited promise
405
+ // (the bin shim would surface a rejection as a stack trace + exit 1).
406
+ // The per-pattern helper raises a CliError for the three refusal
407
+ // shapes over-length, guardRegex-refused, and an un-compilable
408
+ // RegExp — and the catch below converts any of them to the standard
409
+ // refusal path; a non-CliError (a genuine internal fault) re-throws.
410
+ var ignoreList;
411
+ try {
412
+ ignoreList = _coerceList(args.flags.ignore).map(_compileIgnorePattern);
413
+ } catch (e) {
414
+ if (e && e.isCliError) {
415
+ _writeLine(ctx.stderr, e.message || String(e));
416
+ return 2;
380
417
  }
381
- return RegExp(str);
382
- });
418
+ throw e;
419
+ }
383
420
  var graceMs = args.flags["grace-ms"] !== undefined ? Number(args.flags["grace-ms"]) : undefined;
384
421
  if (graceMs !== undefined && (!Number.isFinite(graceMs) || graceMs < 0)) {
385
422
  _writeLine(ctx.stderr, "blamejs dev: --grace-ms must be a non-negative number");
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.clientHints
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * @module b.cloudEvents
@@ -1,3 +1,5 @@
1
+ // SPDX-License-Identifier: Apache-2.0
2
+ // Copyright (c) blamejs contributors
1
3
  "use strict";
2
4
  /**
3
5
  * Default cluster-coordination provider — DB-row-based leader election.